Console security means controlling which commands operators can enter on their consoles to monitor and control MVS™. How you define command authorities for your consoles or control logon for operators allows you to plan the operations security of your MVS system or sysplex. In a sysplex, because an operator on one system can enter commands that affect the processing on another system, your security measures become more complicated and you need to plan accordingly.

If your installation plans to use extended MCS consoles, you should consider ways to control what an authorized TSO/E user can do during a console session. Because an extended MCS console can be associated with a TSO/E userid and not a physical console, you might want to use RACF® to limit not only the MVS commands a user can enter but from which TSO/E terminals the user can enter the commands.

Controlling command authority with the AUTH attribute describes the AUTH attribute and command groups. Using RACF to control command authority and operator logon describes RACF and the LOGON keyword for the DEFAULT statement. Special security considerations for SMCS consoles appear in Providing security for SMCS consoles.